Hello,

I need a special setup, where a linux box should act as star center in a network where all arms of the star have only a single device at their ends.
Each device is in it's own network (set up with own IP/28).
The linux machine would have two interfaces, on one an other PC, and on the other a switch to distribute the physical layer to theese devices. At any point in time only a limited number of devices will be connected phisically (below 100), but the router (the linux box) should be able to route between a PC and any of the connected devices (a total of around 3000). The devices are not suppose to communicate with eachother, but the PC should be able to reach all actually connected devices. Devices might come and go, and the communication between the PC and the devices still present should not be interrupted.

Is a linux box capable of such a task, which distribution is most suitable? Is IP aliasing or other method capable of handling 3000 IP addresses?

Regards, ZorgoZ

I don't know about distributions, but the Linux kernel is certainly capable of handling 3000 IP addresses.

If you want to separate the physical layers, IP aliasing will be of no use. Adding several addresses to the same interface means they share the same layer 2 network. This in turn means you won't be able to use DHCP to assign client addresses, as all broadcast traffic will be visible to everyone. There's also the issue that anyone wishing to see unicast traffic between other hosts can simply flood the switches with random MAC addresses.

To implement a scenario such as the one you're describing, you'll have to use VLANs. This is straightforward enough, as just about every switch on the market supports the required VLAN standard (802.1q), and Linux does so as well.

This is what you do: Define different VLANs on your switches, set up 802.1q trunk ports between switches and between the core switch and the Linux router, and create the required VLAN interfaces on the Linux box (vconfig add <interface> <VLAN ID>). Finally, configure each VLAN interface with an IP adress and set up a DHCP server if required. (And yes, I've done this myself, although with just 30 interfaces.)

Please note that although the 802.1q standard allows for up to 4094 different VLANs (4090 on Cisco gear), the cheaper switches can typically only handle 255 or 256 VLAN definitions (for no good reason, really). You'll need to read the specifications carefully.

Also, with that many VLANs you'll need switches that can automatically distribute VLAN definitions, as maintenance will quicly become an issue otherwise. Protocols such as MRP, GVRP or even the outdated Cisco VTP will do the trick.

1 members found this post helpful.

Hello,

Well, as I said, this is a special setup. Actually I do want to share physical layer, as this is the simplest infrastructure in this case. What you have described is certenly how it should be in regular conditions, but far too complicated for this case. I need the simplest one. I don't need DHCP as all devices have fixed IP, security is no issue either. Just to make the case clear: each of the devices is preconfigured for a specific network where it will be installed at the end. But before, I have to install something on them. I know all of their IP/netmask/gateway setting beforehand. The infrastructure I want is a tool so I can automate the installation and do it in parallel on many devices, without the need to change addresses during the process.

Actually in smaller setup I am adding many IPs an interface in a Windows PC. And it does what I need. But now I need to be able to reach many more devices. This is why I intend to put a router inbetween and - if anything, - a linux box could be capable of this.

I made a test today with a CentOS7 virtual machine: I have added 100 addresses to the /etc/sysconfig/network-scripts/ifcfg-eth1 (eth0 is facing the "PC", eth1 is facing the switch with the devices) and I have enabled IP forwarding. And it works - I can ping the devices from the PC.
But it looks, that there are still limits, as when I added all 3469 addresses, even though the network service restarted slowly with 'OK', "ip a" shows only 256 addresses on eth1, and "route" as well. And there was no error message...

So maybe the kernel can handle that much addresses, but looks not to be a default feature...
As far as some internet resources can tell, old kernels had this limitation. But current ones does not. I will check if ifcfg-eth1:x kind of aliasing has this limitation too. Would be interesting if not...

[Update]
I have not tested file-based aliasing after all. I have generated a script with "ip add add" and "route add" commands. And that executes correctly and adds all addresses like a charm. And it works.

Thank you.